Added csrf verification to show image upload and deletion

2015-03-02 16:00:11 -05:00 · 2015-03-02 16:00:11 -05:00 · 17d51eb0f9
commit 17d51eb0f9
parent f1a311dad6
2 changed files with 11 additions and 3 deletions
--- a/airtime_mvc/public/js/airtime/schedule/add-show.js
+++ b/airtime_mvc/public/js/airtime/schedule/add-show.js
@ -668,7 +668,7 @@ function setAddShowEvents(form) {
            var showId = $("#add_show_id").attr("value");
            
            if (showId && $("#add_show_logo_current").attr("src") !== "") {
-                var action = '/rest/show-image?id=' + showId;
+                var action = '/rest/show-image?csrf_token=' + $('#csrf').val() + '&id=' + showId;
                
                $.ajax({
                    url: action,
@ -748,7 +748,7 @@ function setAddShowEvents(form) {
            data: {format: "json", data: data, hosts: hosts, days: days},
            success: function(json) {
                if (json.showId && image) { // Successfully added the show, and it contains an image to upload
-                    var imageAction = '/rest/show-image?id=' + json.showId;
+                    var imageAction = '/rest/show-image?csrf_token=' + $('#csrf').val() + '&id=' + json.showId;
                    
                    // perform a second xhttprequest in order to send the show image
                    $.ajax({